Remote Code Execution Vulnerability in Cisco Prime Collaboration Provisioning Tool
CVE-2017-6792
6.5MEDIUM
Key Information:
- Vendor
Cisco
- Vendor
- CVE Published:
- 7 September 2017
What is CVE-2017-6792?
A vulnerability exists in the batch provisioning feature of Cisco Prime Collaboration Provisioning Tool that permits an authenticated remote attacker to overwrite critical system files with root privileges. This is attributed to insufficient input validation of parameters used in batch file name and directory settings. By manipulating the parameters during a batch action, an attacker can successfully execute arbitrary code and compromise the system's integrity. Organizations using the affected product should implement recommended security measures to mitigate risks.
Affected Version(s)
Cisco Prime Collaboration Provisioning Tool Cisco Prime Collaboration Provisioning Tool